Re: routing with vlans (switch 5304xl)

The IP of the router is that of the primary vlan, which is vlan1 172.16.15.60, but can actually be any of the IPs attributed to the vlans, in my case:

vlan1: 172.16.15.60
vlan2: 172.30.15.60
vlan3: 172.31.15.60

The mask is the same for every vlan: 255.255.0.0

And since I configured the switch with a route of "0.0.0.0/0 gw: 172.16.0.1", the switch doesn't use the default gw it has configured, or better yet, this route tells the switch the default gw is 172.16.0.1

Note: this information is in the running-config file I attached in one of my previous messages.

I really need to get this problem fixed. I think I'm missing something in terms of routing parameters but I don't know what!!!!

Re: routing with vlans (switch 5304xl)

Yes, you're correct about the gateway and you're correct about the routing, except you misprinted my GW (172.16.0.1 not 172.16.1.2)

But unfortunately that isn't my problem. Like I said, the routing between the vlans is working and I can ping any IP that belongs to any vlan or host, i.e., from any vlan to any vlan.

And as you can see from your example of "sh ip route", the static route belongs to vlan1 because it's in the same segment, and I think here is my real problem: the switch routes traffic that belongs to any of the vlans, but internet traffic is only returned to vlan1.

Re: routing with vlans (switch 5304xl)

Hugo,

someone is doing NAT for you already. The address space you are using (172.16.x.x) doesn't get routed in the Internet. There is another box Internet facing that does the NAT for you. The box probably doesn't know about the 172.30.x.x and 172.31.x.x network. Add those two routes on that box and everything should work.

Re: routing with vlans (switch 5304xl)

Olaf Borowski, that makes perfect sense, I will check that right now.

I'll reply as soon as I know more.

One more thing: even if I had 3 gateways, one for each vlan (subnet), and I had each vlan connected to that gateway, it would still create a problem, because the static route "ip route 0.0.0.0/0 172.16.0.1" is added to the switch and not individually to a vlan, and therefore I couldn't have another static route like "ip route 0.0.0.0/0 172.30.0.1"

Re: routing with vlans (switch 5304xl)

An update to the situation:

Thanks to Olaf Borowski's tip, I remembered to try something: since this switch also supports static NAT mapping, I had a static NAT entry for one of the hosts in vlan2, like "ip nat static 172.30.0.16 172.16.0.19", and it worked. The client 172.30.0.16 had internet access. This worked because this client's IP leaves the switch with the IP 172.16.0.19 (translated with NAT) :)

This doesn't resolve my issue completely, it's just a temporary solution, and was just a test that proved that my problem really resides in the router that is responsible for the NAT to the internet, just like what Olaf Borowski said.

Many thanks for all your help. As soon as I know more about this, I'll reply here, but I think the problem is practically resolved ;)

Re: routing with vlans (switch 5304xl)

Hugo,

What kind of router/internet gateway do you have (brand/model), so I can help you map out the complete solution? BTW: You don't need RIPv2 to route between the vlans. The box routes between vlans with just "ip routing" turned on. You use RIP or other routing protocols to tell others (like your internet router/gateway) about your locally attached networks.

Re: routing with vlans (switch 5304xl)

Thomas Ahrer:

Yes, it knows all vlans, like Olaf Borowski said it learned from RIP.

Olaf Borowski:

Actually I have several of them, but all of them are Cisco routers (2620 / 1710 / 3640 / etc), but for the time being, the information that leaves the switch passes through my gateway 172.16.0.1 and then is directed to an internet gateway 172.16.0.10, and this is the one I need to configure, which is a Cisco 1710 with IOS 12.3(12).

Note: this is still being tested in a lab environment. When this is implemented in the production environment I will need to update about 3 routers (internet gateways), so in fact each vlan will have its own gateway. And in this case I'm not sure how I will insert the routes, since I can only add one 0.0.0.0/0 route

Re: routing with vlans (switch 5304xl)

Thomas Ahrer:

Yes u r correct, but like I said before 172.16.0.1 already knows my vlans, those two routes were added by RIP.

In fact the problem isn't the 172.16.0.1 because this is just my first gateway. The traffic that passes through this router is directed to another router (172.16.0.10) and this is the one responsible for natting to internet.

So the router I have to configure is 172.16.0.10, but I still haven't done this, because I didn't have time yet. I have several projects in hand, and some of them have a higher priority than this one, but today I should have everything working :D

As you can see it learned the two subnets over RIP. Like Olaf said, you do not need to have RIP enabled on VLAN 10 & 20 as they are directly connected networks which will be advertised by RIP running on VLAN 1 (default = enabled to advertise directly connected networks over RIP). Your gateway of 172.16.0.1, is that under your control? I get the strong impression that it is not running RIP. Preferably you need to know the 172.16.0.1 configuration, especially the output of the routing table.

If the 172.16.0.1 is not under your control you can also sniff using a monitoring port (which I see is configured) and look for RIP packets. Are you sure the 172.16.0.1 is running RIP and if so, what version? It takes two to tango, right?

Mind you that at least one port in a VLAN must be up in order for you to see it appearing in the routing table and therefore also RIP.

Re: routing with vlans (switch 5304xl)

I had the impression I needed to have RIP enabled on all the vlans, besides vlan1, but I'm testing that right now.

172.16.0.1 is under my control, but only recently. It wasn't me that did the initial setup, but also this router is running RIP.

All of them r running rip v2

This is a pretty big and complex network and I just recently started to make changes to its topology, and also, the 5304xl where the vlans are is completely under my control, but my gateways (Cisco routers) have more people involved, and so I can't make changes to them without previous discussion with the people involved. Everything has to be documented :)

But like I said before, the routing tables are correct, the packets r reaching the desired destination, but r being discarded in the internet gateway, because the current NAT doesn't recognise vlan 2 and 3. I'm in the process of configuring an additional router with a dedicated internet line, for the purpose of testing, not only for this scenario of course. This is one of the reasons I haven't yet made the necessary changes to the current internet gateway.

But like I said in one of my previous messages, when I tried the static NAT entry in the 5304xl switch for vlan2, it worked, the host in vlan2 immediately received internet access. This plus the correct routes give a good idea that the problem really resides in NAT.

Re: routing with vlans (switch 5304xl)

Hi Hugo,

Sorry, I overlooked that NAT part. So with NAT it works OK. That makes me very much inclined to believe (as routing tables look OK) that your firewall is blocking these subnets. So it matters how the traffic is sourced. I would look into the log of your firewall.

Re: routing with vlans (switch 5304xl)

Hi

I have this issue resolved :D thanks to all your help

The main problem was, as initially thought, the NAT entries in my internet gateway.

I set up a separate gateway with an internet connection and simulated my production environment, and the only thing I needed to do was add the correct NAT entries, like "access-list 1 permit 172.30.0.0 0.0.255.255" (Cisco router).

Of course, besides this entry, NAT needs to be already working properly and RIP (in my case) must be enabled in order for the router to recognise all my vlans.

So far there doesn't seem to be any more problems with my setup, so I'm pretty sure this is ready for the production environment.
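
Added example, not part of any post in this thread: a small checker that evaluates a Cisco numbered standard ACL (address plus wildcard mask, first match wins, implicit deny at the end) against the three VLAN subnets from the thread, to show which VLANs the NAT ACL leaves untranslated. The `BEFORE` ACL is a constructed assumption (only the original subnet listed), the vlan3 line in `AFTER` follows the pattern of the one line quoted in the thread, and all function names are hypothetical.

```python
import ipaddress
import re

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)(?:\s+(\S+))?$")
FULL = 0xFFFFFFFF

def parse_standard_acl(config, acl_id):
    """Return [(action, address, wildcard)] as ints for one numbered standard ACL."""
    entries = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or int(m.group(1)) != acl_id:
            continue
        action, addr, wild = m.group(2), m.group(3), m.group(4) or "0.0.0.0"
        if addr == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif addr == "host":
            addr, wild = wild, "0.0.0.0"
        entries.append((action, int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return entries

def subnet_verdict(entries, cidr):
    """First-match result for a whole subnet: permit, deny or partial."""
    net = ipaddress.IPv4Network(cidr)
    base, mask = int(net.network_address), int(net.netmask)
    for action, addr, wild in entries:
        care = ~wild & FULL          # bits the ACL entry actually compares
        if (base ^ addr) & care & mask:
            continue                 # no address in the subnet can match
        if care & ~mask & FULL:
            return "partial"         # entry matches only some hosts in the subnet
        return action
    return "deny"                    # implicit deny at the end of every ACL

# VLAN subnets from the thread (mask 255.255.0.0 on each).
VLANS = {"vlan1": "172.16.0.0/16", "vlan2": "172.30.0.0/16", "vlan3": "172.31.0.0/16"}

# Constructed "before" ACL: assumes only the original subnet was listed.
BEFORE = "access-list 1 permit 172.16.0.0 0.0.255.255\n"
# "After": adds the line quoted in the thread, plus the same pattern for vlan3.
AFTER = BEFORE + ("access-list 1 permit 172.30.0.0 0.0.255.255\n"
                  "access-list 1 permit 172.31.0.0 0.0.255.255\n")

def untranslated_vlans(config, acl_id=1):
    """Names of VLANs whose subnet the NAT ACL does not fully permit."""
    entries = parse_standard_acl(config, acl_id)
    return sorted(n for n, c in VLANS.items() if subnet_verdict(entries, c) != "permit")

if __name__ == "__main__":
    print("before:", untranslated_vlans(BEFORE))
    print("after: ", untranslated_vlans(AFTER))
```

A "partial" verdict flags an entry whose wildcard is narrower than the VLAN mask, which would give some hosts in a VLAN internet access and silently drop the rest.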